CVE-2019-7308 — MEDIUM (5.6)

Q: How severe is CVE-2019-7308?

CVE-2019-7308 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-7308?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Opensuse Leap.

Vulnerability Description

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.

CVSS Score

5.6

MEDIUM

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 4.19.19
Canonical	Ubuntu Linux	14.04
Opensuse	Leap	15.0

Related Weaknesses (CWE)

CWE-189

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63PatchThird Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd74PatchThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.htmlThird Party Advisory
http://www.securityfocus.com/bid/106827Third Party AdvisoryVDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=1711Issue TrackingPatchThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6Third Party Advisory
https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd3PatchThird Party Advisory
https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdedPatchThird Party Advisory
https://support.f5.com/csp/article/K43030517
https://support.f5.com/csp/article/K43030517?utm_source=f5support&amp%3Butm_medi
https://usn.ubuntu.com/3930-1/Third Party Advisory
https://usn.ubuntu.com/3930-2/Third Party Advisory
https://usn.ubuntu.com/3931-1/Third Party Advisory
https://usn.ubuntu.com/3931-2/Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63PatchThird Party Advisory

FAQ

What is CVE-2019-7308?

CVE-2019-7308 is a vulnerability with a CVSS score of 5.6 (MEDIUM). kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different stat...

How severe is CVE-2019-7308?

CVE-2019-7308 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-7308?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Opensuse Leap.